Procjevt/CVE-2026-51940 zip exploit CVE Cpanel Create: 2026-06-27 09:52:07 +0000 UTC Push: 2026-06-27 09:52:07 +0000 UTC |

grayxploit/CVE-2026-48907 CVE-2026-48907 is a CVSS 10.0 pre-auth RCE in Joomla Content Editor affecting all versions ≤ 2.9.99.4. The Grayxploit team breaks down the 3-weakness chain — missing auth, no extension validation, and an unsafe upload flag — that lets attackers pop a shell in 3 HTTP requests. Create: 2026-06-27 09:28:25 +0000 UTC Push: 2026-06-27 09:28:26 +0000 UTC |

Polosss/By-Poloss..-..CVE-2026-12432-PoC WP Full Stripe Free <= 8.4.3 - Missing Authorization Create: 2026-06-27 09:11:15 +0000 UTC Push: 2026-06-27 09:11:16 +0000 UTC |

Hunt-Benito/traefik-stripprefix-auth-bypass-cve-2026-48020-path-normalization Create: 2026-06-27 08:17:05 +0000 UTC Push: 2026-06-27 08:17:06 +0000 UTC |

kpatsakis/CVE-2026-36834 Out-of-bounds array read in LibRaw Create: 2026-06-27 06:52:08 +0000 UTC Push: 2026-06-27 06:52:08 +0000 UTC |

gh1mau/masta-cve-2026-48907 cve-2026-48907 scanner Create: 2026-06-27 04:48:09 +0000 UTC Push: 2026-06-27 04:48:10 +0000 UTC |

MobiusM/CVE-2026-43499 CVE-2026-43499 PoC Create: 2026-06-27 04:09:11 +0000 UTC Push: 2026-06-27 05:04:04 +0000 UTC |

HORKimhab/CVE-2026-46331 CVE-2026-46331 - Draft Create: 2026-06-27 03:54:14 +0000 UTC Push: 2026-06-27 03:54:14 +0000 UTC |

0xBlackash/CVE-2026-8932 CVE-2026-8932 Create: 2026-06-26 22:21:07 +0000 UTC Push: 2026-06-26 22:21:08 +0000 UTC |

reactivezero/CVE-2026-20251 CVE-2026-20251 — Splunk Secure Gateway jsonpickle deserialization RCE (CVSS 8.8) | ReactiveZero Security Research Create: 2026-06-26 21:12:30 +0000 UTC Push: 2026-06-26 21:12:34 +0000 UTC |

sec0x/CVE-2026-43503 Create: 2026-06-26 21:01:39 +0000 UTC Push: 2026-06-26 21:01:57 +0000 UTC |

00lucasm/CVE-2025-58434-Flowiseai-Auth-Bypass-PoC Flowiseai Flowise Auth Bypass Vulnerability Proof of Concept Create: 2026-06-26 20:41:15 +0000 UTC Push: 2026-06-26 21:17:52 +0000 UTC |

0xBlackash/CVE-2026-46331 CVE-2026-46331 Create: 2026-06-26 18:57:23 +0000 UTC Push: 2026-06-26 18:57:24 +0000 UTC |

fevar54/CVE-2026-20253-Splunk-Enterprise-Pre-Auth-RCE- Create: 2026-06-26 18:13:31 +0000 UTC Push: 2026-06-26 18:13:32 +0000 UTC |

xxconi/CVE-2026-12415-or-CVE-2026-12416.py CVE-2026-12415-or-CVE-2026-12416.py Create: 2026-06-26 18:12:20 +0000 UTC Push: 2026-06-26 18:12:42 +0000 UTC |

Polosss/By-Poloss..-..CVE-2026-39938 Cacti <= 1.2.30 Create: 2026-06-26 17:27:57 +0000 UTC Push: 2026-06-26 17:27:58 +0000 UTC |

n0bitaemon/CVE-2026-26980-PoC Ghost CMS Content API Blind SQL Injection Create: 2026-06-26 16:50:28 +0000 UTC Push: 2026-06-26 16:50:28 +0000 UTC |

hacbs-release-tests/collectors-no-cve-6d20b03c Create: 2026-06-26 14:24:42 +0000 UTC Push: 2026-06-26 14:25:22 +0000 UTC |

0xmrma/CVE-2026-46558 Plane’s V2 asset subsystem trusted workspace slugs and asset UUIDs without enforcing the right membership checks, which let one authenticated user read, copy, delete, and overwrite assets in other workspaces. Create: 2026-06-26 12:57:38 +0000 UTC Push: 2026-06-26 12:57:38 +0000 UTC |

0xmrma/CVE-2026-45806 Penpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin SSRF because attacker-controlled URLs crossed into a redirect-following server fetch path without destination filtering. Create: 2026-06-26 12:50:43 +0000 UTC Push: 2026-06-26 12:50:43 +0000 UTC |